So, I’m following the directions to get rid of the malware trojan horse…
Attached is the first log.
Help!
MBAM:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.21.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexis N. Harold :: ALEXIS-LAPTOP [administrator]
11/21/2012 6:26:45 PM
mbam-log-2012-11-21 (18-26-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205168
Time elapsed: 10 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 19
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) → No action taken.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) → No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) → Quarantined and deleted successfully.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) → Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) → Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) → Data: 215 Apps → Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 5
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Local Settings\Application Data\I Want This (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\AppData\Local\I Want This (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) → Quarantined and deleted successfully.
Files Detected: 17
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Downloads\wp32z (1).exe (Trojan.Agent.WP) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Downloads\wp32z (2).exe (Trojan.Agent.WP) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Downloads\wp32z (3).exe (Trojan.Agent.WP) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Downloads\wp32z.exe (Trojan.Agent.WP) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\fb.js (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\jquery.js (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\json.js (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) → Quarantined and deleted successfully.
C:\Users\Alexis N. Harold\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) → Quarantined and deleted successfully.
(end)
aswMBR:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-22 00:16:08
00:16:08.219 OS Version: Windows x64 6.1.7601 Service Pack 1
00:16:08.219 Number of processors: 2 586 0x170A
00:16:08.221 ComputerName: ALEXIS-LAPTOP UserName:
00:16:09.314 Initialize success
00:16:09.476 AVAST engine defs: 12111700
00:16:19.582 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
00:16:19.584 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
00:16:19.660 Disk 0 MBR read successfully
00:16:19.663 Disk 0 MBR scan
00:16:19.667 Disk 0 Windows 7 default MBR code
00:16:19.678 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
00:16:19.695 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 16898 MB offset 206848
00:16:19.718 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 288238 MB offset 34828920
00:16:19.797 Disk 0 scanning C:\windows\system32\drivers
00:16:39.792 Service scanning
00:17:36.809 Modules scanning
00:17:36.824 Disk 0 trace - called modules:
00:17:36.854 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:17:36.882 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa80030e8060]
00:17:36.891 3 CLASSPNP.SYS[fffff8800185143f] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-1[0xfffffa8002e2e050]
00:17:38.054 AVAST engine scan C:\windows
00:17:49.032 AVAST engine scan C:\windows\system32
00:21:45.474 AVAST engine scan C:\windows\system32\drivers
00:22:02.284 AVAST engine scan C:\Users\Alexis N. Harold
00:40:43.576 AVAST engine scan C:\ProgramData
00:44:41.085 Scan finished successfully
00:45:24.632 Disk 0 MBR has been saved successfully to “C:\MBR.dat”
00:45:24.639 The log file has been saved successfully to “C:\aswMBR.txt”